using denyhosts

I came across this service called denyhosts…
It basically keeps your server from the unwanted ssh attempts and brute force attacks. For denyhosts to work, you need to have sshd with tcp_wrappers support and python.

The IPs from which unwanted ssh attacks come are listed in /etc/hosts.deny file by denyhosts
If you want to whitelist any of them, then you can put them in /etc/hosts.allow file.

For e.g. putting sshd: 192.16.20.3 line in /etc/hosts.deny file will disable all ssh attempts from that host and putting it in /etc/hosts.allow will allow them.

Additionally what I do on my systems is … I keep only one system accessible from internet (sshd listens on both private and public interface) and on other systems I configure sshd to listen only on private interfaces. This can be achieved by putting

ListenAddress private_ip_here

line in /etc/ssh/sshd_config

The other security measure is to disable root user to access ssh at all. put PermitRootLogin no line in /etc/ssh/sshd_config file, then access system with a normal user (not a sudoer) through ssh and then use su - to gain root access.